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* notices * 

JPO and NCXPI are not responsible for any 
damages caused by the use of this translation. 

1 .This document has been translated by computer. So the translation may not reflect the original precisely. 
2.**** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



CLAIMS 



[Claim(s)] 

[Claim 1] To a web server connectable with the distributed file system of a distributed computer environment In that in which it is the 
approach of attesting a client and said distributed computer environment contains the security service which returns rating certification 
to the user who had access to said distributed file.system attested a) Reception of the user ID from said client by said web server and a 
password is answered. The step which memorizes the rating certification which performs a log in protocol with said security service, 
and is produced as a result, b) The step which returns the self-sustaining client condition object which has an identifier in said client, c) 
Approach containing the step which gains continuing access to the web document in said distributed file system when said client uses 
said self-sustaining client condition object containing said identifier instead of said user ID and a password. 

[Claim 2] The approach according to claim 1 used in order that said identifier in said self-sustaining client condition object may search 
the rating certification memorized at said step to memorize. 

[Claim 3] The approach according to claim 1 by which said web server is provided with said user ID and password by HTML format. 
[Claim 4] The approach according to claim 3 by which said HTML format is completed by the user of said client. 
[Claim 5] To a web server connectable with the distributed file system of a distributed computer environment In that in which it is the 
approach of attesting a web client, and said distributed computer environment contains the security service which returns rating 
certification to the user who had access to said distributed file system attested a) The HTTP demand received by said web server is 
answered. The step which judges whether said web client has the browser which supports a self-sustaining client condition object, b) 
When said web client has the browser which supports said self-sustaining client condition object, The step at which the 1st self- 
sustaining client condition object containing URL from which said web server is discriminated by said web client by log in HTML 
format and said HTTP demand is transmitted, c) The step to which said user completes said HTML format with user ID and a 
password, d) The step which returns the completed format to said web server together with said 1st self-sustaining client condition 
object containing said URL, e) Extract information from said completed format and a log in protocol is performed with said security 
service. The step which generates rating certification, and the step which returns the 2nd self-sustaining client condition object which 
has an identifier in the f aforementioned web client, g) Approach containing the step which gains continuing access to the web 
document in said distributed file system when said web client uses said 2nd self-sustaining client condition object containing said 
identifier instead of user ID and a password. 

[Claim 6] The approach according to claim 5 used in order that said identifier may access said rating certification. 
[Claim 7] To a web server connectable with the distributed file system of a distributed computer environment In that in which it is the 
approach of attesting a web client, and said distributed computer environment contains the security service which returns rating 
certification to the user who had access to said distributed file system attested a) Reception of the transaction request from said web 
client is answered. The step which judges whether a log in protocol is performed with said security service, and said web client has an 
access privilege to said distributed file system, b) The step which returns an error message to said web client when said web client 
does not have an access privilege to said distributed file system, c) When said web client has an access privilege to said distributed file 
system, The step which memorizes the rating certification generated as a result of said log in protocol in the database of the rating 
certification related with an attested user, d) The step which returns the Cookie which has the identifier related with said web client by 
said web client at a proper, e) Approach containing the step from which said client gains continuing access to the web document in 
said distributed file system by using said Cookie instead of user ID and a password. 

[Claim 8] The approach according to claim 7 used in order that said identifier in said Cookie may search the rating certification 
memorized from said database at said step to memorize. 

[Claim 9] To a web server connectable with the distributed file system of a distributed computer environment In that in which it is the 
approach of attesting a web client, and said distributed computer environment contains the security service which returns rating 
certification to the user who had access to said distributed file system attested The step which holds to storage said rating certification 
of the user who had access to said distributed file system attested, Reception of the self-sustaining client condition object which has an 
identifier from said web client is answered. How to contain the step which accesses one of the rating certification in said storage, and 
the step which accesses the file in said distributed file system using said rating certification using said identifier. 
[Claim 10] To a web server connectable with the distributed file system of a distributed computer environment It is the computer 
program product used in order to attest a web client. In that in which said distributed computer environment contains the security 
service which returns rating certification to the user who had access to said distributed file system attested A computer read-out 
possible storage and the program data memorized by said computer read-out possible storage are included. Said program data answer 
reception of the user ID from said web client by said web server, and a password. A means to memorize the rating certification which 
performs a log in protocol with said security service, and is produced as a result, A means to return the self-sustaining client condition 
object which has an identifier in said web client, The computer program product which answers reception of said self-sustaining client 
condition object containing said identifier, and includes a means to control continuing access to the web document in said distributed 
file system. 

[Claim 1 1] A computer program product including a means by which said program data answer said log in protocol, and generate an 
error message according to claim 10. 

[Claim 12] The computer program product according to claim 10 with which said program data include a means to establish storage of 
said rating certification of the user attested by said distributed file system. 

[Claim 13] The computer program product according to claim 10 said whose self-sustaining client condition object is Cookie. 
[Claim 14] To a web server connectable with the distributed file system of a distributed computer environment It is the computer 
program product used in order to attest a web client. In that in which said distributed computer environment contains the security 
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service which returns rating certification to the user who had access to said distributed file system attested A computer read-out 
possible storage and the program data memorized by said computer read-out possible storage are included. A means by which said 
program data hold storage of said rating certification of the user who had access to said distributed file system attested, By answering 
reception of the self-sustaining client condition object which has an identifier from said web client, and accessing one of said the 
rating certification in said storage using said identifier A computer program product including the means which enables access of the 
web document in said distributed file system. 

[Claim 1 5] It is a computer connectable with the distributed computer environment containing the security service for returning rating 
certification to the user who had access to a distributed file system attested. A processor, An operating system and a stateless computer 
network are minded. The web server program which provides a web client connectable with a web server program with World-Wide- 
Web information retrieval, Server plug-in which attests said web client to said web server program is included. Said server plug-in 
answers reception of the user ID from said web client by said web server, and a password. A means to memorize the rating 
certification which performs a log in protocol with said security service, and is produced as a result, A means to return the self- 
sustaining client condition object which has an identifier in said web client, The computer which answers the reception which said 
self-sustaining client condition object containing said identifier follows instead of user ID and a password, and includes a means to 
control access to the web document in said distributed file system. 

[Claim 1 6] The computer according to claim 1 5 by which said means to control accesses said rating certification using said identifier. 
[Claim 1 7] It is the approach of accessing a document from the distributed file system to which a web server and said web server are 
connected. In what has the security service with which said distributed file system supported within a distributed computer 
environment returns rating certification to the user who had access to said distributed file system attested a) Reception of the user ID 
from said web client by said web server and a password is answered. The step which memorizes the rating certification which 
performs a log in protocol with said security service, and is produced as a result, b) The step which returns the self-sustaining client 
condition object which has an identifier in said web client, c) when said client uses said self-sustaining client condition object 
containing said identifier instead of said user ID and a password The approach containing the step which gains access to the web 
document in said distributed file system, and the step from which the d aforementioned web client gains access to the web document in 
said web server using said user ID and password. 

[Claim 1 8] The approach containing the step holding storage of said rating certification of the user who had use of said distributed file 
system attested according to claim 1 7. 

[Claim 1 9] The approach according to claim 1 8 used in order that said identifier may search said rating certification from said storage. 
[Claim 20] The approach according to claim 17 of containing the step which provides said web client with the error message of a 
special order from said web server, when said log in protocol is unsuccessful. 



[Translation done.] 
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DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] It is related with generally this invention enabling access to the web document especially memorized by the 

safe distributed file system about web transaction processing. 

[0002] 

[Description of the Prior Art] The World Wide Web of the Internet is the most successful distributed application in the history of a 
computer. In a web environment, a client machine uses a hyper-text transfer protocol (HTTP) for the transaction to a web server, and 
this is a known application protocol which offers the user access to files (for example, a text, graphics, an image, a sound, video, etc.) 
using the Page Description Language of the criterion known as a hyper-text markup language (HTML). HTML offers the formatting 
of original source documents and a developer is enabled to specify the "link" to other servers and files. The network path to a server is 
identified in the paradigm of the Internet by the so-called uniform resource locator (URL) which has the special functor of defining 
network connection. Use of the browser (for example, Netscape Navigator) compatible with HTML in a client machine includes 
assignment of the link through URL. According to it, a client gives a demand to the server identified in a link, and receives the 
document formatted into collateral according to HTML. 

[0003] Many organizations use two or more computers which interconnect within a distributed computer environment, and a user 
accesses a distributed resource and processes application there. The known distributed computer environment called DCE has been 
realized using available software from OSF (Open Systems Foundation). Much application may be used in order to offer distributed 
service of data common use, printing service, database access, etc., if the DCE environment comes to be chosen as solution in a 
company. OSF DCE contains the distributed file system called the distributed file service (DFS) used in these environments. 
[0004] DFS offers many advantages in which the file server of a standalone version is excelled. The protection of information by data 
and the high availability of a resource, the capacity that shares information over the whole super-large system, and the steadfast DCE 
security device etc. is contained in them. Especially, DFS makes a file usable to altitude through a duplicate, and even if one of the 
machines by which a file is arranged breaks down, it makes it possible to access the copy of a file. DFS gathers up all the files 
memorized by various file systems again in global-area name space. Two or more servers can export those file systems to this name 
space. All DFS users share this name space soon, and all DFS files become usable easily from the DFS client machine of arbitration. 
[0005] In order to use the scalability, file availability, and security device of DFS (or other similar distributed file systems), it is very 
desirable to extend the function of the web server of the existing standalone version in a company environment. The user who has an 
off-the-shelf browser (namely, ready-made) as a by-product can access easily without the software of the addition on a client machine 
the web information memorized in DFS name space. However, in order to attain this target, it is required to unify with the 
conventional DFS security the security device offered by the web server. One of the options is using a basic (provided by web server) 
authentication (Basic Authentication) device, and gaining user ID and a password to each HTTP demand. However, there are some 
problems in using a known basic authentication device in the situation of DFS. 
[0006] 

[Problem(s) to be Solved by the Invention] Especially, user ID and a password are passed to all demands. Therefore, they tend to be 
attacked by the invader even if a password is protected according to a specific encryption device (for example, SSL). It is difficult 2nd 
for DFS and a web server security device to live together. A browser memorizes the user ID and the password which are transmitted to 
a specific server, and user ID and a password are added to all HTTP demands transmitted to the server. When the device in which a 
distributed file system is made to access a web server is offered, a web server will hold both the document (protected by web server 
security) memorized on a server local directory, and the document (protected by DFS security) memorized on DFS. If it sees from a 
browser, a web server will be a single server and will only memorize one pair of user ID and the password to the web server. When the 
user is browsing both the DFS document and the web server document, a user will be reminded of user ID and a password, the change 
in a web server document from a DFS document, and whenever [ its ] it is reverse. Finally, when DFS authentication goes wrong, only 
the restricted error information may be returned to a user. 

[0007] These problems make a known basic authentication device unsuitable, when unifying a web server and a DFS security device. 
This invention solves this problem. 

[0008] The 1st purpose of this invention is attesting the user who accesses a distributed file system through the Internet World-Wide- 
Web server. 

[0009] Another purpose of this invention is ofTering the distributed file system authentication device for web browsing only a transfer 
of user ID and a password being required, when a user logs in to a file system for the first time through a web server. To the 
continuing demand, the secret handle memorized by "Cookie (cookie)" is transmitted to a web server from a web browser. 
[0010] Furthermore, another purpose of this invention is making easy safe web document access from a distributed file system by 
using a self-sustaining client condition HTTP Cookie authentication device. 

[001 1] Furthermore, if a user is already log in ending at DFS when a user changes from a DFS document to a web server document, 
another purpose of this invention is realizing the authentication device of the Cookie base for the DFS web server application which 
coexists with a known basic authentication security device, as it does not press for user ID and a password. 

[0012] Furthermore, another purpose of this invention is offering the customized error message which is transmitted to a browser from 
a web server instead of the error message offered according to a known basic authentication device. 

[0013] The more general purpose of this invention is unifying with the conventional DFS security the security device offered by the 
web server. In a company environment, this raises the function of the web server of the existing standalone version so that the 
scalability, file availability, and security device of DFS (or other similar distributed file systems) may be used. The user who has an 
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off-the-shelf browser as a by-product can access easily without the software of the addition on a client machine the web information 

memorized in DFS name space. 

[0014] 

[Means for Solving the Problem] It is provided by these approaches of this invention that reach and other purposes attest a web client 
to a web server connectable with the distributed file system of a distributed computer environment. A distributed computer 
environment contains the security service which returns rating certification to the user who had access to a distributed file system 
attested. Reception of the user ID from the web client by the web server and a password is answered, and a log in protocol is 
performed with security service. When a user may be attested, the Inn memory rating certification database of rating certification with 
which rating certification is related with an attested user memorizes. Next, a web server returns the self-sustaining client condition 
object which has the identifier of a proper in a web client. Although this object is referred to as Cookie by the way, it is used in order 
for this to enable a web client next to browse the web document in a distributed file system. When you wish to publish the demand 
which a web client follows especially to a distributed file system, the self-sustaining client condition object containing an identifier is 
used instead of user ID and a password, and this makes a session much more safe. In this actuation, a Cookie identifier is used as a 
pointer to the Inn memory rating certification database, and in order that rating certification may be searched next and may make easy 
multiple-files access from a distributed file system, it is used. 

[0015] A web client can still gain access to a web server (distributed file system document by contrast) document through the 
conventional user ID and the conventional password in a HTTP demand to coincidence. 

[0016] According to the suitable approach of this invention, it is judged first whether an initial HTTP demand is answered and it has 
the browser to which a web client supports a self-sustaining client condition object, i.e., "Cookie." When it has, a web server transmits 
log in HTML format and the 1st Cookie containing URL identified by HTTP demand to a web client. Next, with his user ID and 
password, it presses for a user so that HTML format may be completed. Then, a web client returns the completed format to a web 
server together with the 1 st Cookie. In a web server, information is extracted from the completed format and the log in protocol of a 
distributed file system is supplied. If a log in is successful, user rating certification will be generated and the Inn memory rating 
certification database will memorize suitably. When a log in is unsuccessful, an error message is returned to a web client. Next, a 
proper identifier is generated to an attested user and this is used as a pointer to a rating certification database. Next, this identifier is 
arranged in the new Cookie transmitted to a web client. New Cookie is used next by the web client for all continuing file accesses to a 
distributed file system. By using new Cookie, a web client does not need to transmit repeat user ID and a password through a network. 
However, a client can still use user ID and a password, and can gain simple file access from a web server (a distributed file system by 
contrast). 

[0017] The above-mentioned explanation describes some outlines of the purpose and the description that this invention is related. 
These purposes may be gained like the after-mentioned that the useful result of many others applies this invention indicated to another 
appearance, or by changing this invention by expressing some of descriptions which were only excellent in this invention, and 
applications. Therefore, other purposes of this invention and a perfect understanding will be obtained by referring to the gestalt of 
operation of below-mentioned this invention. 
[0018] 

[Embodiment of the Invention] The typical system by which this invention is realized is shown in drawing 1 . A client machine 10 is 
connected to the web server platform 12 through a communication channel 14. A communication channel 14 is the Internet, intranet, 
or other known connection on account of explanation. In the case of the Internet, the web server platform 12 is one of two or more of 
the accessible servers by the client, and one of the clients is shown by the machine 10. A client machine is a known software tool used 
in order that this may access a network server including a browser 16. As an example, a client machine is a personal computer. A 
network SUKEBU navigator (all versions), Microsoft Internet Explorer (all versions), etc. are contained in a typical browser, and these 
each is software programs in which off-the-shelf [ "off-the-shelf ] or download is possible. A web server platform (sometimes 
referred to as a "web" site) supports a file with the format of a hyper-text document and an object. The network path to a server is 
identified by the so-called uniform resource locator (URL) in the paradigm of the Internet. World Wide Web is the multimedia 
information retrieval system of the Internet. Especially this is the set of the server of the Internet which uses a hyper-text transfer 
protocol (HTTP), and HTTP offers the user access to a file using a hyper-text markup language (HTML). 

[0019] The typical web server platform 12 is IBM. RISC This executes the web server programs 22, such as the AIX (4. 1 or above 
extended dialogue executive versions) operating system 20 and the Netscape ENTAPU rise version 2.0 which supports an interface 
escape, including System/6000 computer 18. The web server platform 12 includes the graphical user interface (GUI) 24 for 
management further. Various models of the computer of the RISC base are described by many publications of IBM, for example, 
"RISC System/6000, 013 and 7016 POWERstation and POWERserver Hardware Technical Reference", and the order number SA 23- 
2644-00. AIX OS is described by "AIX Operating System TechnicalReference" (the 1st edition, November, 1985) of the IBM issue 
etc. Although the above-mentioned platform is useful, the combination of other suitable hardware / operating system / web servers of 
arbitration may be used. 

[0020] A web server accepts a client demand and returns a response. Actuation of a web server 1 8 is managed by much server 
application functions (SAF), and each SAF is constituted so that it may perform in the specific step of a sequence. This sequence is 
shown in drawing 2 , it starts at the authorization conversion (authorization translation) step 30, and the authorization information on 
arbitration that a server is transmitted by the client between them is changed into a user and a group. If needed, an authorization 
conversion step decodes a message and gains an actual client demand. It is called name conversion, and URL related with a demand is 
maintained as it is, or step 32 may be changed into the file name of system dependence, Redirection URL, or a mirror site URL. Step 
34 is called a path check, a server performs various tests for the path of a result, and it is guaranteed that a given client can search a 
document. By the way, step 36 is referred to as an object type, and the MIME (multiple-purpose Internet mail escape) type information 
(for example, a text/html, an image/gif, etc.) over a given document is identified. Step 38 is called service, and a Web server routine 
chooses internal server ability, and returns a result to a client through the server service routine of normal. It depends on the property 
of a demand for the specific function chosen. Step 40 is called a log addition and the information about a transaction is recorded. 
When step 42 is called an error and an error is encountered, a server answers a client. Detail of these actuation is given by "Web 
Server Programmer's Guide" of the Netscape company issue, and Chapter 5. 

[0021] A web server 18 includes the known set of a server application function (SAF). These functions return the demand of a client, 
and other configuration data of a server to reception, and return a response to a server as an output as an input, if drawing 1 is referred 
to again, a web server 1 8 will offer the escape to which this is enabled for an application developer to lead the software program 
generally referred to as "plug-in", and to extend and (or) customize a core function (namely, SAP) including the application 
programming interface (API) 26. This invention uses a server API 26, plug-in which makes a user's authentication easy is offered, and, 
thereby, as for the user of a client machine 10, web access to the document on a distributed file system 50 is attained using a browser. 
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[0022] According to the general purpose of especially this invention, the user of a client machine 10 uses the off-the-shelf (or 
unconsciously [ Intention target ]) browser 16, and makes it possible to access, browse and search the document arranged in a 
distributed file system 50. Such one file system 50 is distributed file service (DFS), and this is a known distributed file system realized 
in the network environment called a distributed computer environment (DCE). DCE is realized using available software from OSF. In 
a distributed computer environment, the group of a machine is usually referred to as a "domain." OSF A DCE domain is called a "cel." 
A DCE eel may be a complicated environment containing hundreds of machines which exist in much location. 
[0023] DCE DFS50 — a naming sake — a remote procedure call (RPC) — moreover, data utility service is offered by using the DCE 
security service 52 for authentication service. DFS50 carries out an interface to the DCE security service 52 through the session 
manager process 27. This is explained in full detail by the United States patent application 08th / No. 790042. In addition to use of 
DCE service, the own device of DFS is abundant. By making it possible to view the file space where DFS offers uniform global-area 
file space, and all DFS client users are the same as for this, and carrying out the cache of the file system data in a client, the network 
traffic to a file server is reduced and scalability and the engine performance are improved. DFS supports one of the devices in the 
capacity which exports a notice file locking and the native file system of an operating system again. For example, in the case of an 
AIX operating system, a native file system is ajar NARUDO file system (JFS). Furthermore, DFS offers, the physical file system 
(LFS), i.e., the DCE local file system, of itself. DCE LFS provides the support of the DCE access control list (ACL) about the file and 
directory for protecting access to data, and a list with advanced data control capacity, such as a duplicate and load equilibration. 
[0024] DFS50 uses the so-called authentication of the DCE Kerberos base (Kerberos-based). The "rating certification" of UNIX is 
related with each file manipulation, and holds the local authentication information on the actuation. Especially rating certification is 
DS which defines a specific machine (or user on a multiuser machine). From a viewpoint of a local operating system, rating 
certification contains arbitrarily user ID, group ID, and the list of privileges of an operating system and the authentication identifier 
known as PAG (process authentication group). PAG functions between DFS50 and the DCE security service 52 as a tag which 
associates a "ticket." When a DFS user attests through a known DCE log in device as dce_login, DCE security service has a dialog 
through DFS (minding a network) and a setpagO interface, and PAG / ticket relation to the rating certification of a process are 
established. On the occasion of a file system demand, DFS extracts PAG from rating certification structure, and establishes a DCE 
user's authentication to the RPC demand to a DFS file server. 

[0025] The flows of control related with this invention are shown in the process flow Fig. of drawing 3 R> 3. This drawing shows the 
basic system of drawing 1 , and contains the account manager 56 who has the related database 58. It starts at the time of initialization 
of a web server, and the session manager 27 is suitably performed by workstation computer 1 8. The session manager 27 includes the 
storage area 29 of itself. When a client 10 requires a DFS (leading browser 16) document (step a), a web server 22 calls a server (using 
SAF plug-in 25) path check (step b). It judges whether a path check has DCE rating certification with a suitable user by the session 
manager 27. In negation (step c), the SAF plug-in 25 returns an error message (for example, "401 ; unauthorized") to a browser 16 
(step d), and reminds a user of user ID and a password. After gaining user ID and a password from a user (step e), the SAF plug- in 25 
calls the session manager 27 (step f), and gains a user's DCE rating certification. The session manager 27 returns DCE rating 
certification to a web server 22 (step g). Next a server uses this user rating certification showing a user, and searches the document 
memorized by DFS50 (step h). The account (using another API plug-in suitably) manager 56 is called after searching a document (step 
i), and suitable use information is kept in a database 58 (step j). 

[0026] When trying in order that a user may access a DFS file, the session manager 27 is called by the web server. When the user is 
already attested by DCE, the session manager 27 returns user rating certification to a server, and a server uses this rating certification 
and searches a DFS document for a user. When the user is not attested, the session manager 27 logs in for a user, and gains rating 
certification from DCE security. A session manager holds an in-memory database, the user who logged in is pursued, and, thereby, a 
user can access two or more DFS pages. 

[0027] Instead of using a basic authentication device, this invention uses self-sustaining client condition HTTP Cookie. Cookie is the 
known Internet device which can use the connection by the side of a server (CGI script etc.), in order to memorize and retrieve the 
information on a client side. A server can also transmit status information again, when returning a HTTP object to a client. A client 
memorizes this status information. Usually, the condition object called "Cookie" may include description of the range of URL with the 
effective condition. According to "Persistent Client State HTTP Cookies" and Preliminary Specification which are seen by 
pass"/newref7std/cookie_spec_html" of netscape.com, Cookie is usually introduced into a client by including a Set_Cookie header as a 
part of HTTP response through a CGI script. Known Cookie functor is shown below. 

[0028] Functor of a Set-Cookie HTTP response header: This is the format of a CGI script for adding the new data memorized by the 

client for next retrieval to a HTTP header. 

Set-Cookie:NAME=VALUE;expires=DATE; 

path=PATH;domain=DOMAIN_NAME;secure [0029] NAME= VALUE -- this string is a semicolon, a comma, and an alphabetic 
character sequence except a null. When such data need to be arranged in a name or a value, the specific coding approaches, such as 
URLstyle%XX coding, are recommended. However, coding is not defined or required. This is the only attribute demanded on a 
Set_Cookie header. 

[0030] An expires=DATEexpires (term) attribute specifies the data string who defines the service life of the Cookie. If it reaches on 
the expiration date, Cookie will not be memorized or distributed any longer. The date string is as follows. 

Wdy, DD-Mon-YYY HH:MM:SS GMT [0031] domain=DOMArN_NAME - when looking for Cookie Liszt in quest of effective 
Cookie, the domain (domain) attribute of Cookie is compared with the Internet domain name of the host to whom the fetch of the URL 
is carried out. If a tail is in agreement, Cookie will check whether it should be transmitted or not through path matching. "Tail 
matching" means that a domain attribute is matched to a host's tail of a completely proper domain name. For example, the domain 
attribute of "acme.com" is matched with host names, such as "shipping.crate.acme.com" and "anvil.acme.com." 
[0032] Only the host in the domain specified can set Cookie to a domain, and a domain must have at least two or three periods, in 
order to avoid the domain of the format of ".com", ".edu", and "va.us." The domain of the arbitration included in one of the seven 
special top level domains shown below needs only two periods, all — others -- a domain needs at least three periods. Seven special top 
level domains are "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT." The default of a domain is the host name of the server 
which generated the Cookie response. 

[0033] A path=PATHpath (path) attribute is used in order to specify the subset of URL in the domain where Cookie is effective. When 
Cookie is already in agreement by domain matching, the path name element of URL is compared with a path attribute, and when 
coincidence exists, it is considered that Cookie is effective and it is transmitted together with a URL demand. Path'Vfoo" is in 
agreement with "/foobar" and "/foo/bar.html." Path"/" is the most general path. When a path is not specified, it is assumed that it is the 
same path as the document described by the header containing Cookie. 

[0034] the case where secure Cookie is marked with secure (insurance) — case a communication channel with a host is safe for this — 



http ://www4.ipdl.ncipi . go jp/cgi-bin/tran_web_cgi_ejj e 



6/13/2005 



JP,10-257048,A [DETAILED DESCRIPTION] 



Page 4 of 6 



as long as — it is transmitted. Current and this mean that safe Cookie is transmitted only to a HTTPS (HTTP through SSL) server. 
When secure is not specified, even if a non-protecting channel top is transmitted to Cookie by the plaintext, it considers that it is safe. 
[0035] Functor of a Cookie HTTP request header: When requiring URL from a HTTP server, and a browser matches URL to all 
Cookie and its either of those corresponds, Rhine containing the pair of the name/value of all the congruous Cookie is included in a 
HTTP demand. The format of the Rhine is shown below. 

Cookie:NAME 1 =OPAQUE_STRING 1 ;NAME2=OPAQUE_STRING2 [0036] The flow chart which shows the authentication flow of 
this invention using HTTP Cookie is shown in drawing 4 . A routine is started at step 60 to each HTTP demand received by the server. 
It is judged whether it was transmitted at step 62 by the browser to which a demand supports HTTP Cookie. For example, although 
both Netscape browser (for example, navigator (all versions)) and Microsoft browser (for example, Microsoft Internet Explorer (all 
versions)) support Cookie, the browser program of other marketing is not supported. When the result of the test of step 62 is negation, 
it is used in order that basic authentication may attest a user at step 64. When the test result of step 62 is affirmation (mat is, a browser 
supports Cookie), this approach is continued to step 66 and it tests whether the existing Cookie is contained in a request header. When 
the test result of step 66 is affirmation, the user is already attested and basic authentication is used. Although a browser supports 
Cookie when the result of step 66 is negation, Cookie does not exist yet. 

[0037] At step 68, a server returns log in HTML format and reminds a user of user ID and a password. A server returns the Cookie 
which contains as an entry URL of the document demanded by the user again. After user ID is especially attested by the DCE security 
server as mentioned above (minding a session manager), a web server needs to search a document for a user. In this case, a web server 
needs original URL, in order to search a document. Since a web server is statelessness, a browser must be provided with original URL. 
This is attained by offering Cookie. At step 70, a user enters user ID and a password in HTML format. The format itself is generated 
like known using a CGI script. At step 72, the user ID and the password which were offered in format are returned to a server together 
with the Cookie which the browser received at step 68. 

[0038] Using user ID and a password, it continues to step 74 and a routine attests a user through the conventional dce_login device. 
Like known, activation of dce_login generates the "rating certification" used in order that a user may gain access to DFS. When un- 
succeeding [ of authentication ] is judged as a result of step 76, a server is step 80 and returns the customized HTML document which 
describes a specific failure to a browser. Next, the Cookie generated at step 68 is destroyed at step 81. When a success of 
authentication is judged at step 76, it continues to step 77 and a routine generates ID (for example, DCE UUID) of a user's proper. At 
step 78, the DFS rating certification generated by the log in (to DCE security server) is memorized by the database (suitably in- 
rriemory storage) related with a session manager, and an indexing is carried out by ID of a proper. 

[0039] It continues to step 82 and a routine returns the new Cookie containing ID of the proper generated by the browser at step 77. 
Next, the Cookie generated at step 68 is destroyed at step 83. ID of a proper is a secret handle in fact, and this is an entry to the table of 
the rating certification memorized by the database related with a session manager. To the continuing demand to the service from a 
browser, ID (supported within the new Cookie returned to the browser from the server at step 82) of a proper is used as a pointer 
indicating a user's DFS rating certification memorized by this database. Therefore, a server receives the new demand which has the 
new Cookie containing ID of a proper at step 84. At step 86, in order that ID of this proper may gain a user's rating certification, it is 
used. It is used in order to search with step 88 the web document with which rating certification is supported within DFS (web server 
suitably under pretense of a browser). 

[0040] The demand which continues from a browser transmits the Cookie which has ID of a proper, therefore steps 84, 86, and 88 are 
repeated to all continuing demands. Therefore, according to this invention, it is required, when a transfer of user ID and a password 
logs in first only once and a user logs in to DFS. Then, it is transmitted on the occasion of the demand which the Cookie which has ID 
of a proper follows. This device can coexist with the basic authentication security device offered by the web server. If the user has 
already logged in through DCE security service when changing from a DFS document to a web server document, he will not be again 
reminded of user ID and a password. The customized error message may be returned to a browser, without being restricted to the error 
code specified in a basic authentication device. 

[0041] One of the suitable examples of the authentication device of the Cookie base of this invention exists in the random access 
memory of a computer as an instruction set in a code module (program code). An instruction set may be memorized in [, such as an 
optical disk (used by CD ROM drive) or a floppy disk (used by the floppy disk drive), / which can be removed ] another computer 
memory, for example, a hard disk drive, or memory, or may be downloaded through a computer network until it is required by 
computer. Furthermore, although various approaches mentioned above are alternatively realized conveniently by software in activation 
or the general purpose computer reconfigurated, it will be understood by this contractor that such an approach may be realized by 
hardware, firmware, or the special equipment constituted so that the approach step demanded might be performed. 
[0042] It connects with computer networks, such as the Internet, directly or indirectly, or the "web" client should be widely interpreted 
as meaning the computer of the known of arbitration, or arbitration connectable in the format developed behind, or its component so 
that it may be used on these specifications. The vocabulary "web" server should also be widely interpreted so that a computer, a 
computer platform, a computer, the add-on of a platform, or the component of the arbitration may be meant. 
[0043] Furthermore, although this invention has been described about the suitable example in a specific distributed file system 
environment, when this invention follows modification on the meaning and within the limits, it will be understood by this contractor 
that it may realize also in other different hardware and operating system architecture. It follows, for example, although the off-the- 
shelf browser was realized so that this invention might be suitably accessible in the web document memorized by DFS, the principle of 
this invention is applicable like other known architecture, such as AFS (DFS was drawn), not to mention the Network File System 
(NFS) developed by Sun Microsystems, Inc. Furthermore, OSF DCE is not the requirement of this invention, either. 
[0044] As a conclusion, the following matters are indicated about the configuration of this invention. 

[0045] (1) To a web server connectable with the distributed file system of a distributed computer environment In that in which it is the 
approach of attesting a client and said distributed computer environment contains the security service which returns rating certification 
to the user who had access to said distributed file system attested a) Reception of the user ID from said client by said web server and a 
password is answered. The step which memorizes the rating certification which performs a log in protocol with said security service, 
and is produced as a result, b) The step which returns the self-sustaining client condition object which has an identifier in said client, c) 
Approach containing the step which gains continuing access to the web document in said distributed file system when said client uses 
said self-sustaining client condition object containing said identifier instead of said user ID and a password. 

(2) The approach of the aforementioned (1) publication used in order that said identifier in said self-sustaining client condition object 
may search the rating certification memorized at said step to memorize. 

(3) The approach of the aforementioned (1) publication that said web server is provided with said user ID and password by HTML 
format. 

(4) The approach of the aforementioned (3) publication that said HTML format is completed by the user of said client. 
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(5) To a web server connectable with the distributed file system of a distributed computer environment In that in which it is the 
approach of attesting a web client, and said distributed computer environment contains the security service which returns rating 
certification to the user who had access to said distributed file system attested a) The HTTP demand received by said web server is 
answered. The step which judges whether said web client has the browser which supports a self-sustaining client condition object, b) 
When said web client has the browser which supports said self-sustaining client condition object, The step at which the 1st self- 
sustaining client condition object containing URL from which said web server is discriminated by said web client by log in HTML 
format and said HTTP demand is transmitted, c) The step to which said user completes said HTML format with user ID and a 
password, d) The step which returns the completed format to said web server together with said 1 st self-sustaining client condition 
object containing said URL, e) Extract information from said completed format and a log in protocol is performed with said security 
service. The step which generates rating certification, and the step which returns the 2nd self-sustaining client condition object which 
has an identifier in the f aforementioned web client, g) Approach containing the step which gains continuing access to the web 
document in said distributed file system when said web client uses said 2nd self-sustaining client condition object containing said 
identifier instead of user ID and a password. 

(6) The approach of the aforementioned (5) publication used in order that said identifier may access said rating certification. 

(7) To a web server connectable with the distributed file system of a distributed computer environment In that in which it is the 
approach of attesting a web client, and said distributed computer environment contains the security service which returns rating 
certification to the user who had access to said distributed file system attested a) Reception of the transaction request from said web 
client is answered. The step which judges whether a log in protocol is performed with said security service, and said web client has an 
access privilege to said distributed file system, b) The step which returns an error message to said web client when said web client 
does not have an access privilege to said distributed file system, c) When said web client has an access privilege to said distributed file 
system, The step which memorizes the rating certification generated as a result of said log in protocol in the database of the rating 
certification related with an attested user, d) The step which returns the Cookie which has the identifier related with said web client by 
said web client at a proper, e) Approach containing the step from which said client gains continuing access to the web document in 
said distributed file system by using said Cookie instead of user ID and a password. 

(8) The approach of the aforementioned (7) publication used in order that said identifier in said Cookie may search the rating 
certification memorized from said database at said step to memorize. 

(9) To a web server connectable with the distributed file system of a distributed computer environment In that in which it is the 
approach of attesting a web client, and said distributed computer environment contains the security service which returns rating 
certification to the user who had access to said distributed file system attested The step which holds to storage said rating certification 
of the user who had access to said distributed file system attested, Reception of the self-sustaining client condition object which has an 
identifier from said web client is answered. How to contain the step which accesses one of the rating certification in said storage, and 
the step which accesses the file in said distributed file system using said rating certification using said identifier. 

(10) To a web server connectable with the distributed file system of a distributed computer environment It is the computer program 
product used in order to attest a web client. In that in which said distributed computer environment contains the security service which 
returns rating certification to the user who had access to said distributed file system attested A computer read-out possible storage and 
the program data memorized by said computer read-out possible storage are included. Said program data answer reception of the user 
ID from said web client by said web server, and a password. A means to memorize the rating certification which performs a log in 
protocol with said security service, and is produced as a result, A means to return the self-sustaining client condition object which has 
an identifier in said web client, The computer program product which answers reception of said self-sustaining client condition object 
containing said identifier, and includes a means to control continuing access to the web document in said distributed file system. 

(11) The computer program product of the aforementioned (10) publication including a means by which said program data answer said 
log in protocol, and generate an error message. 

(12) The computer program product of the aforementioned (10) publication with which said program data include a means to establish 
storage of said rating certification of the user attested by said distributed file system. 

(13) The computer program product of the aforementioned (10) publication said whose self-sustaining client condition object is 
Cookie. 

(14) To a web server connectable with the distributed file system of a distributed computer environment It is the computer program 
product used in order to attest a web client. In that in which said distributed computer environment contains the security service which 
returns rating certification to the user who had access to said distributed file system attested A computer read-out possible storage and 
the program data memorized by said computer read-out possible storage are included. A means by which said program data hold 
storage of said rating certification of the user who had access to said distributed file system attested, By answering reception of the 
self-sustaining client condition object which has an identifier from said web client, and accessing one of said the rating certification in 
said storage using said identifier A computer program product including the means which enables access of the web document in said 
distributed file system. 

It is a computer connectable with the distributed computer environment containing the security service for returning rating certification 
to the user who had access to a distributed file system attested. (15) A processor, An operating system and a stateless computer 
network are minded. The web server program which provides a web client connectable with a web server program with World-Wide- 
Web information retrieval, Server plug-in which attests said web client to said web server program is included. Said server plug-in 
answers reception of the user ID from said web client by said web server, and a password. A means to memorize the rating 
certification which performs a log in protocol with said security service, and is produced as a result, A means to return the self- 
sustaining client condition object which has an identifier in said web client, The computer which answers the reception which said 
self-sustaining client condition object containing said identifier follows instead of user ID and a password, and includes a means to 
control access to the web document in said distributed file system. 

(16) The computer of the aforementioned (15) publication by which said means to control accesses said rating certification using said 
identifier. 

(1 7) It is the approach of accessing a document from the distributed file system to which a web server and said web server are 
connected. In what has the security service with which said distributed file system supported within a distributed computer 
environment returns rating certification to the user who had access to said distributed file system attested a) Reception of the user ID 
from said web client by said web server and a password is answered. The step which memorizes the rating certification which 
performs a log in protocol with said security service, and is produced as a result, b) The step which returns the self-sustaining client 
condition object which has an identifier in said web client, c) when said client uses said self-sustaining client condition object 
containing said identifier instead of said user ID and a password The approach containing the step which gains access to the web 
document in said distributed file system, and the step from which the d aforementioned web client gains access to the web document in 
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said web server using said user ID and password. 

(1 8) The approach of the aforementioned (17) publication containing the step holding storage of said rating certification of the user 
who had use of said distributed file system attested. 

(19) The approach of the aforementioned (18) publication used in order that said identifier may search said rating certification from 
said storage. 

(20) The approach of the aforementioned (17) publication which contains the step which provides said web client with the error 
message of a special order from said web server when said log in protocol is unsuccessful. 

[Translation done.] 
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* notices * 

JPO and NCXPI are not responsible for any 
damages caused by the use of tnis translation. 

1 .This document has been translated by computer. So the translation may not reflect the original precisely. 
2.**** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 

DESCRIPTION OF DRAWINGS 
[Brief Description of the Drawings] 

[Drawing 1] It is drawing showing the typical system by which plug-in of this invention is realized. 

Prawing 2] It is drawing which answers reception of the demand from the browser of a client machine and in which showing the flow 
chart of actuation by the side of the server of the conventional web transaction. 

Prawing 3] It is the process flow Fig. showing the web transaction realized according to instruction of this invention. 

prawing 4] It is drawing showing the detail flowchart of the process flow of this invention. 

Pescription of Notations] 

1 0 Client Machine 

1 2 Web Server Platform 

14 Communication Channel 

1 6 Browser 

1 8 Computer 

20 AIX Operating System 
22 Web Server Program 

24 Graphical User Interface (GUI) 

25 SAF Plug-in 

26 Application Programming Interface (API) 

27 Session Manager 
29 Storage Area 

50 Distributed File System 
52 DCE Security Service 
56 Account Manager 
58 Database 



[Translation done.] 
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Bj^^-rs/cfefc^ffl^ns. ii^3i7fa«s©^. 

[if^9] #ifc:n>f *-*SSJg©#ffc:7WJU- 
^f-Atc^oj^^x^ • -y— ;<CC. *)*? >>r,4 
r> F*i2aE-r-5^f*^r. tulB^TtJc3>f*-$ 

MlB^tfe^T -^JV- • ^Xf v A^©Ti'tX ; SrSS! 

tr ^ £^ tr © (, » r . 

mitt&y 7 <<>\> ■ ^^fA'^or^-fe^^siEsti/c 

^-1f©ii>ria«*&fiEBJ3£. iatB«j«K:«*r » 7' 
i. 
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[ff^l 0] #tfc3>f x- : $^^g«CWxffc:7 7-0^- 
->;*f i AK:^gi&oJ^il&'?x?'• V— MCC. ^x^-^ 

tft<DtC*it,>T. 

3 > t- * - b pjeet2i^{* <t . 

^^■^a ha^fcfriB-te+x Vf^ • -9--f XTflfr 20 

ffi&m^z-stsmzmm z 5 -r r > f ?v x * 
[stjjssi i ] ffria^o^A . *f-$ifi^ sirtBD^-f 

-2>3MS£#t?. li#:>S 1 0 iBi8©r3>f x -S-T'ny 30 
t -f A- • v^-y-AKigUESft/c^— !f©l>TfB«^aEBJ© 

fBtt£ti3x-f *3Ms*str . i o ga»©=i > f x 

-in ■ y'aif^JumSi. 

4] ^tiO^fx-^iS^co^ti^r • 
7-aic&£SpJ#£& 0 x y • if-/N*K: t 9 x >r • * 5 40 
^r>h£l§aE^*fc&K^£tt*=i:>f • 7' 
na^ABfi-Cfco-C. H?sB^-t5(=i>fx-$S^. 

a— tftc. *ISiI^?:||-r-te+x --f-f*^ 

3 > fx - *S?fcH U *rtttBttlflc£ . 
SWB3 > fx- jtRU b nTt&fBtgig&KfBtg;* titc^v 
^-A • BiilB^'ciy^A • t 1 -***. 

BuiB^ife^T-r^- i^x^A-vOTi'-fe^^sSaE^nfc 

3— !f©roe*ttiEB©ett*«fc-s-a*«£. 5 o 
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i&3iJT£fl§t>-C. frfBfBtf-rtWfjIBigfeaEBJ© 1 o=&T 

©•? x zf%m<D7 z oj^{c-r^#©i . 

£#tf. 3>f x-* - 7 , 0^7A|[D D n. 

S5E3ftfc:x— «ftt. «&fPJ£l|-r;fctf>©-fe*x 'J f 
^ • -9--f*£#if. ^3>f x-^ig^Kl^Dlfig 

«ta»3>f x-5r • h^-mLt, ^x^- 

7-;UK • 9-f K • ■Sx^tf&tfcSfcfltft-rs^x 

BUSB^x^ - d?7^T> h^rBUfB^x^ - If-^* • V'U 

i/jAtcmm-rz-y--^ ■ mm? 

mffB , ?x^-i7-->'N'«:j:^MsB'5x7'- i-7^T>h^ 
6©3— «f i DR^^>7-K©smK:ic;SUr. of 
-C> • T'a hnju^s?ia-fe+^ >;-f-^ • tJ— f x-cntf 
U ^©JSmiC^MtSSEaj^fBlS-rS^i. 
bJIB^xT-- ?7^7>hK, t&M+ZftTZPfmf? 
A T is btKM* 71? x * h ^g?T#ie <t . 
3-1f I DR^^'X -7 - FOftfe •) b?IB!^i]^$ 

[itstii 1 6 ] ffiMzffl®?z&mtmMzm<frzm^ 

T s BUiB^&UHJSrTf-fe^-r ff^3Rl 5fBig©3 
>f x-£. 

[If ^ 17] ^ x 7 ■ t-^. ^lufB'? x^'f- 

•fe^-r^^-Ci-^T. 7rtSC3>f x-^3ES^rtTlJ-^ 
- h §nSg?fB^tfe7 7 ^^1/ • i/XfA*S, B5fE#ffc7 

7 ;i/ • ->xf a^©7 ^•fe^*|giisnfc3.-—tf«: > 
StsiEBj^M-r-fe+x >;x^ - -9--f 

a) B?IB'5x^'-lJ--/<K:«fc^Buf3 , i7x^- Z^ATls 

• hnjU^fiJfB-fe+^U-r-f •if-f^T 
fWfb. ^©^^OiifftSlEW^fBK-rS^^y^ 
i> 

b) fifB^xy- i7 7-<T>h«:. «J}iJ?-**r4»tt 

c) BafB^^TO h*s, ttrfB^— <f I DR.CX/^'?- 
K©fU? "5 (C. milBi^SiJ-T^^^tf BufB^d' 7 ^ 7> h 



5 

4)V • ->X^Aft<D^ x^Xf^©7 5*z7.ikW\W?Z> 
d) lufB^xy • *^t>f#, WE^-lf I DM 

9 ] |JIHSa«^^SBiatB*^S9I2«tSSE^ 

ms&v*? t>m&o*? - 2 5<<T>h 
t? , mag 1 7 i5is<D^a„ 

[0 00 1 ] 
[0 00 2] 

[ftSftDafl*] KD«7-Jl>F ■ tf-f F • •? 

> h * Vr>>#, 0*--?' if— /WD b 5 >1f :> 3 > 
©fcaMc/W^** hieat^n ha^ (HTTP) £ 
ffiflBU cn«^-/^f i 1 ^ h • -*->77 v y'^n (H 

TML) <LLrtt56n4St»a>^-^iS2i#S*ffl^ 
-2>gt^I<DT^' , J^->'3> • 7' a F3)l/t*5 B HTM 

t-^*ao^ r -Y ;u^<d- »; > p -zmm-? * c £ 

CC-TS. -Y>£-*? h©ffi«|-C» % iJwWD*? h 
(URL) «c<fcDB»OStiS. *5-fT> h • 

*ft&cf&DT*7-rr> M*y>*i*3reK5!l;s 

[0 00 3] &<<DtmfiK »«tn>fcr»-*IR«rt-C 

DCEi»*tfnseE»I<D»»3>f*-*IR» 
tt % OSF (Open Systems Foundation) *P&A#oJftB 
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-t/3>#3WJBSft»S. OSF DCElt cn6© 

aWccte^rflWHsn*»«7T-fii/-^-tr^ (df 

[0 0 0 4] DFSttl4fifi©77-{^ • 

-TifiB*. ROT«Hfc*DCE-b**y'f--#a«l«:J:* 
flHIO»ll4tf*«S*W. DFS«1tK^ilD 

>t, • ^*7*A£, c<D*-A^Rgfc:x**;F- FT£C 

^T©DFS7 7-f^ffS©DFS^ 

[0 005] D F S <*tettffi©a«0»»7 r -Y-rU - 
20 ^fA) (D^-^try x-f , 7 7 ^UpJJBftL RC/ 

#*<CH*IA>. HSttiOr, ^71f^^;Uy(D (T 
^91f**r*i— Ft*. ^7-/7> 

tew, • tf-/^ctos«^n^'fe^^ i ;7 s *^« 

£*l£) S^fSSE (Basic Authentication) ^Slf^^ffi 
U *HTTPBSCC»bta-1fI DR^^-F 

[0 006] 

-tn^tt, /cix.^7- F^^oH&^-it^ 
*o*-Mtca«sn**&i9>*HTTP»*tcfflns 

n^>o • -^-^^tC^tfc^ 7 -^^ • ^fA^7^ 

50 RCJfDFS±«:Etft3nSX» (DFS-fe + ^y^^CC 



IfttDF S • V-^tfl*^©W0»*, 

s^-eoMcostc, a.— tf i drcm*?- p^uhbs 

[000 7] Ch6©WH«. ^x^-^SO'DF 
S***y?w«**tt£TS±-C* MO&tBHI 

[0 00 8] *^<D^1CD§W«, ^>^-*?F- 

[0009] **W©SkDB«tt. a-Wx^- tf 

JL-if I DZW**?- K©tB*&!W*»JW- 
-7?<5Zs>?<Dtc*b<Dft%k7 -r Jfr - is* 

"2?*- (cookie) "tcSSttStiSaa^V FJU 

[ooio] M*c**w©8d©awtt. f*tt*^-fr> 

h tttBH TTP^7 *-M»»*lWHT * C 4 K <fc 

[ooin mic*§m<DWi<Dmm*s tf^DF s 

lf^KK:DFStcn^^>^*r^>n^ ^-iflDS. 
ta'Jf-fWItJtm, DFS-Jx^-t-A.r 

7* y er-t/ 3 zs<Dtc&<D>7 <-x<omm^m £ 

[0012] Kfc**W©8fl<DBMtt. R»®S*BK 

[00 13]*«M<OJ:0— 

^ DFS (Ztc\tm<Dmm>ftWL7 r 4 • 

A) CDX>r-^ try 7" ^ % 7T-Ol*im\£. SO'-fe+cx 
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[0014] 

ZWMfc&WLy t -Ob • ^^-r A^ODT*-fe;*£i£liES 
— !fKH«*W6*i*3»»Oi©-f > • WHEW 

**-<hur#MSft&#, chance, 

[00 15]^K:^x^^7^7>httM, HT 
30 TPS3Rf^cDfie*cD^L-1f I DStfA^9- F*^Lt 

[0016] *fflB©Hatt*ffi(cJ:nK, JTffiUHTT 

-f^HTMLta, MHTTPimow^n^ 

40 tc. If I DS^7- KICiO, HTMLf 

^fiSKftoJS^, X7- • ^ 7-fe-s^9*^ • r 
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mtcU* ?*-ifiWC?> • 2 5 4 7>r&cJ; 

0. 7 A )\>' ^>^7 L A^CD*?>t9>^>^< V 7 4)1 

I DM^7-F?:«fflU (#tfc:?7 -OU • 
A£tt»K&KKc> *-/t*>6©#*B«t7T-f>l/ id 

[0017] wafoDKWtt. #»iH©Har sbw&c^ 
seoT. *»»©«©B»aa%*ttaB*«. sob 

Ctt*55. 20 
[0018] 

rA^ 01te7n3*i£ o 7> h • ^» 1 0 

r ?*-Ai2ccjg;K£n* a BMBGXBteJL a«^ + 

CCJ:0T^^^^lil^a^cD^--^\'<7)lo-c$>D. 

-<7> b<D lO#7*/> 1 OlCct O^^n-So Z54T 30 

>h ■ v^>tt^«5tf 1 6*$* % Cn^7 h-7- 

>) , 7>f^OV7 r ■ h ' X^X^'U- 

7 (±^-^a» *U Ch6©«^tt"* 

-a «(c-)xy"' htLxmmzinz) a, ^ 40 

• p*-* (URL) tc<fc»)ttSiJ?n4. y-;VF ■ ? 
-fF-«5*^0\ KDVil/^yx^TtSffi 
^i^fAt*^. Cfttt/W'^** FSK2S 
7'D hnjl/ (HTTP) Siffi«-f>^-*7 KOtf 

r?:/ra (HTML) ^ffl^T, y T^;u^^-if 

• TZtXZm&TZ. 50 
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[0019] ftScffJft'? x :/ • -77^7^ 
A12(J, IBM RISC System/6 00 0 
3>Ka-*18*d* CtittA I X (fflSBttSax 

^•^fA20 k Ktf^ h 
TS*» h*^-?* • X>£:/^X • A-i?a>2. 
0&£<7>, *^n^7A2 2*SI?f*J* 

«5 * ^ • t-;< • ^7 9 h 7 * - a l 2 ttl(c, « 

mOtcibO}??? 4 tf)V ' ZL-1f - oi-^ (G 

UI) 2 4*£tf. RISC<-^3>fa-^CDi 
I BMCD^<(DWt%, {^^.tf"RISC Sy 
stem/6000, 013 and 7016 POWERS tati on and PCWERserv 
er Hardware Technical Reference", &S[#^SA23-264 
4-00"C2E^6nri^4. A I X OSit I BKBSfr 
<D"AIX Operating System Technical Reference" (^1 
JK, 1 .9 8 5¥ 1 1 fl) ft i'raS^SftTtiS. IE© 

[0 02 0] • t-^ii'7^7> hg*£Sf§ 

TZfVtr-: ^a>«fi6 (SAF) WOWS 
ft, §S AF«^-<!r>^CD^CDX^^^CC4i5CiT^ 
ffSft4J:5tc«teESn4. CCD^-^>^^0 2(Ct^ 
3*l» l^&JfS^ (authorization translation) Xf*? 
:/3 0-CR»&U *©IH«c*-'<#*5^7>FW9 

RL^cD**aa*sns^ ^/c»^fAtsff^7 
^-^^ h • y-^a«> *-r ^nwB <«*«?*^ h 

/html, -<^-^/qiffti') 3WaffilJ3tl*. *TV? 
3 8«^-^xi|*Sn, • * ;l/-^># 

CD "Web Server Proqrarrmer's Guide", Chapter 5"C2i^ 
[0 02 1 ] • Ijwci 8«, • T^y 
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— > 3 >ffi|g (SAF) omnO-kv h£^t?„ Zfth 

"To Hl*S«#*RTSi. l 8«77' 

»;*•- $/a>- 7*n^^S>^- x-;* (AP 

I) 2 6***, CftttT^y*-: £/b>MA*#. - 

m&TZ. **TO*1f-->*AP I 2 6^«ffl0, a-tf io 
^ftfc:<fc9 *5-fT> b * v» 1 0(D^— !fH\ ^ 

[0 02 2] »4C**?8©HBlWttB»CC <ttitf . * 5 

tr* (dfs) cntt^»3>tfa-ara» 

(DCE) 4*Sn**y h-7-^3EWBc*jl»rieRS 

osF^hx^pjm^yy bo ^r^m^x^^n 
IS. "hv>f>"iur#i$n^ osf DCEhv 

"-fe;U"<hPftfft£. D C E-kJM£> fc<SA,£> 

[0 02 3] DCE DFS50(i, ^-^>^/c* 30 
{capa^a2/-^ + Pf^HJO (RPC) Sr. SfcHBEtf 

FS50^r>H> - v*-^ • 7"P-feX2 7^ 
LT, DCE^^'Jr^ • if-fcTX5 2 <b>T>^^* 
-XT*. C^CKltli, *g#f^FffiM^0 8/7 9 

o o 4 2-*rc»iES*vt:c>s. DCEtf-tfx<D*J/BK: 

spit, DFsa<w>awi«a*r**. ofsbhus 

^«7t^;HSIH*»«0, COCittitODFSd' 
5-fT>h -a— !f*SR|— ©:7T4rtOT*ttSrr*C 40 
£*nJfEfc:U J/c^7-{7>Fm^7 7^^-S/ 

. -»f-/WD*? bV — P • b^7 4 * 

f-zw dfsbs/c 9 

A I X^U-tw >^ • ^>*-f ACDi§^ 

7* A (JFS)-C2>£ 0 HtCDFSW*na#«E)««i7 50 
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^*f-A v ttotDCEP-^'77^^ 
■^fA(LFS)^8ttn a DCE LFStt 
•r - £ «^£> T £ -fe ^ * {£^*T * /c 7 r *f fr'&.U'f 4 
\st bV&MTZDCETZ-bAffimVZ b (ACL) 

[0024] DFS5 0«, l>t>«9>& DC E ^rJl/^nX 

• (Kerberos-based) ©ggaESflMTS. UN I 

-if) ftjettrs^-dffllJfit?**. 

D, W-^ID, ffigff5fc*^U-TW >^ — >^r* 
A(D!RMS<D'JX h v RO'PAG <:?'a-fe*l2iE£0U~ 
zf) iLTfc&ftSBfiBMit?-***. PAGtt, DF 
S5 OiDCE-b+^Vf • 2 i<DBB 

V. "*#v b"*m&m*Z?t^Xffifc?i>. DF 
S:x-1f^ dcOogin£bTg£&<DDCEP^-Y>^ 
«*/M^TBlE^-*<t#, DCEWa'Jf^ - tf-bf 

DFS<tsetpag(H>£ 

PAG/*** hH«*»LftTS. 77^-^fA 
«#fcBR LtDFS »»«8E^KS^ 6PAGtft"HI 
U DF S7 7 4}\s • f-^©RPCg^UtD 
C E 3.— !f ©SSE*ttfir 

[0 0 2 5 ] #»BI!CCBa(*W6ftS«HIP7a-3Qfi 1 H 

ft* 0 tr> 3 >'7^t27«, *na»OEti 
i^29**t^ 0 ^^^T>H 03&« (^"5lf 1 6*il 
Dr) DF S£#£g5jTr££# Uf-;7'a) , 
^- 1f-^2 Zifi (SAF«^-f>25*«lr»t, ) 

(^sr^c) . SAF7'7^>25^i7 

-■y?^ (Fdxt*"4oi imvtw) z^yW 

16(CII Ur^d) , 3.— IfCc^L— if I DSi^^ 
X9-F*ffiffiT*o 3.— !f3&»6^— !f I DM^7 
- F*3Sf#U7c^ Ur^'e) % SAF7 , 7^>f>2 
5^-fev^>3> • 7^t2 7^HJU (XT? 7' 
f) % !fODCE««EW*SWr*. -fe-y->a> 

• -7*-^*2 7*«DCEKtSffEIB* , 5*^ • *-^2 

2^c^*r (^f- w g) . jl— iftar 
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CUJgfcDAP I 7 7^^ >£fl§t>T, ) 7*£> r • -7 

[002 6] :x-1f#DF S7 7 ^Jl/^7^tXlJ:^ 
• 1f-AteJ;0P¥O'fcH£ft-5. a— tf^gECCDCEtCcfc 

-1f«ffi»U *ft«C<fc0 3.-1ft««tt©DFS^-S> 

M4, *(Dtfc«#W»T**URL<DfiHflD 
IB^ £#<&f#£. netscape. comCD^X M /newref/std/coo 
lcie_spec_html"-C^.6tl^"Persistent Client State H 
TTP Cookies' \ Preliminary Specification{C<J; 
***-ttiKit, CGU^l/^FMDt. SetjCook 
ie^ 9 y*HTTPJSSO-»4 Ut*tfC £9 , 
**^T>hK^3hS. WOCD^»*-«S:*aT 30 

[002 8] Set-Cookie H TT Pf&SF^ v #<Dffi$: : 

G I *2 V7b<m&tCt>&. 
Set-Cookie : NAN€=VALUE I expi res=DATE ; 
path=PATH ; domai n=D0MMN_IW1E ; secure 
[0 029] N/WE=VALUE 

CCD* b V>#kZ* t^a> ( *7>-7, RcT^e^rEfc 
<^>-./r>^r$)4 0 C5Lfcf-4t**-AS!fc 40 
«fflrt«:lBar4i2*^*4ti^. URLstyle%XX 

#6, W^{fcWffi«£fcttR#3ttttt>. ttiteSei^Co 
okie^? 5f±-CB«SnSPi— <D«tt"C*«. 
[003 0] expires=CA7E 

expires (fflW JRtttt, tO>»t-«l«Wta 
Wdy, DD-Mon-YYY HH : Mtf : SS GMT 50 



3#gS¥l 0-257048 
14 

[003 1] domai n=DCM^IN_NAME 

A±it«sft*. *j83W-ar*4, ^^-ugKv 

?n^Ci SrSttT £ . Wit "acme . ccm"<D F ^ -/ > JK 
" shipping. crate. acme. com"-$\ "anvil .acme. co 

[0 03 2 ]JBffiSft*F^>rt©**F*»***. F 
^ >(>K:*tbT* FT*. F-*-/>Ut. ". 

com", ".edu", Sc7 r "va.us"OJf^CD F-^ >£:[§]il!*3~ 
£fc«MC. ^«C<<fc*>2o*feB3o(0e»J*F*WS 

Fy-/>©l"^«:A4ffiK©F^^>a:. tf"J*F*2 
-3Stf«it5. F^-f>tt, d>«fc<i 

U^;l>- F-*-f>tt. "COM". "EDU'\ "NET", "ORG", "G 

or\ "M.vRVmr'-c&Z. F-* XDf^ * ;u hffl 

[003 3] path=PA7rl 

path (SK) JRtttt. * **-3W*j»T** F-*>f>rt 

**q«ETa»^ ^^-^ii&sn, url 

S*<t-^CCiHfI^n^ 0 g?S'7foo"tt, "/foobar"S. 
tf"/f oo/bar . html' 1 1 — ScT SB"/"*** fe— tt 

[0034] secure 

*?*-#secure <h7-^Sn-S«^ Chi* 

^ce. cn»$4ft^^^ HTTP S (SS 

L£rfrr*HTTP) t^/tCcKtt&ftStiSC 4*S 

9- + *fr±jWScQ&mz fix $>&±-e& *> l mtt ^ n 

5. 

[0 03 5 ] Cookie HTTPI*^^0«X: HT 
TP1f-/^eURL^:^T^><b#, ^5^1f«UR 

rn^— a*r*£, *r©— abfc^^*-o*-A 

Gookie: NAKtl=OPAQUE_5TRI NG1 ; NAhC2=0PAQU^_STRING2 
[0 03 6] HTTP^9*-*WfflT-5**W©BBE 
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^-A(cJ:»)«fiStiSftHTTP»*CC*fL 

http^ --r^-s^-hrs^^ifccjcfjams 

JSmj&S55£<Dig£\ Xf^64 T«#i8E**:x - If * 

[003 7 ]^f'>^68m 1f-^*Sn^^>HT 20 
ML»3:*iI2£U a-1f if I DREfX* -7- K 

£fg{£-r*. tf-^tta*:. ^-ifK^og^sn*:*: 

f©UR L£x> h y <h Ut4t* * * ^-^^"T^. 
Jb2iCDJ:5fc: x :x— If I D^DCE-fet^'Jf -/ 

«t4£**«ftS. C©»^ • 

£C<tCC<fc9ifi5&3*i£. ^7 0t, a— !f«H 
TML#^W:^L-if 1 DR^7- K^rfSAT^o • 

[003 8] 3.— if I DS^7-K^i^t, J\s- 
9>>\*xr?Zf7 4^mffiL. fie*<DdcOoqin^«^r 
^UT:x--1f*BSET£. BB3KD<fc5K:, daL_loqin<D 
*ff«. 3.-1f36«DFS^iDT*-bX*a»r*ft:»K: 40 

■C, ««e©jlf**Ki*«#* hv^XSn/cHTML 
X»*^^->lftcii2l-rs. 5ttc*^*:/8 l-c, 

7B-CBiE©fi&**s*l»rSn4«^K:tt. 

f77'7 7^m, ^-1f £>@W<£ I D (W*«DC 

E UUID) *£j«-r5. XTvZfl 8-C, ( DC E 

DFS5M&SE9W** t^*/ 3 >-v^-i;t{CHIftW 50 
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eft*^-*-^-* (safctt-r^-rf-ty fatso cciait 

[0 03 9] Jl/-*>tt*^?:78 2^i»StU Zf5V 
•fit*?? 77 7?&f&2tltcm^<D I D*St*8rfcfc 

^^K:naH^6tiS9 e --jr^c--x«:ett3n&XKIE 

^8 2^1f^^e>^7^1fCCKSn/d&f/c>i^ 
Sa-lfC0DFS^iEW*fBL/7RT#^>>ibr« 

^8 67, COB*© I D*^-1f(DS*SaE 

[0 04 0 ] If IW^ID* 

*t4^9+-«:taSU ft-ot^f 9^8 4. 8 6R 
M8^ *-c©«<JB*«:*foraoiISti*- S£o 

#RI5§K:<fcfttf> i-lf I D&Cf^"7-FO«2S 
aVlttK^. Ttt*>ft^-1f*«*«n«:DFSK:ci^> 

x :/ • if - /<«: J: 5 S«S n^>S*ISiiE-fe * * V T a • 
«i*»Lf«. a— !fi* % DFSXf^^^x^- if 
-/*^CC^*)§**<h#, (KcDCE* + *yf^ • 
1f~t*4iIDrny^>LTl>ft«, a-iflD&O' 

* hv^x^n/cx7- • ^ ^-fe-^^-y^ifccjgai 

[004 1 ] #WA<D2 y • ^<-^<DffiiE«*OSf 

*yrt. «*«^-F ■ f 5 ^^^ • SfcB 
36f^^ (CD R0MF7^^"C«fflSti4)gU 
<(J7D^f-7 : ^i' (^n ? fcT- • • K 

ttf©awo^itt^*yrt«ciati 
tiz taffi > t" a - ^ tcfcc^r wtP^tcUJi a n ^ 



(10) 

17 

[0042] *0j*ffl^rffifflsn^>ct5tc, "^^y- 

-A, g/cttn^b'^-^glX tt^7'; h:7*-ACD 10 
ttKtt, *t^i*©ff*©«j5S»JR*«*-r*J:5«:, 

jZ^JWRSftS^ST**. 

[0 04 3] Mic, *»5ittflSS(0»»7 7 4 )\s * fx 
^An«(c^«KF9ftlUfeMu:nuri£^6ftr»ft: 

O'^u-fw >^ - a • r-^^ + ccbl* 
rfcH^Sftft ^ci»$n^5„ fi^r, Wx. 

FS^EttSftS9*^X»*T^-fe^ttttJ:5K:* 20 

XttKJiDBflfSSftfc** h 7-* • 7? -OV • ^>Xf 
A (NFS) ttfeft5iW)Ci, (DFS*5*ffiSft 

[0 0 4 4] ^iiOiUT, *»M©««CcBOr«T 

[0 04 5] (1) »«3>ta-jH»0»»7T^ 
Jl/ - t/Xf-AtCgSttnJffi&'Jx^ • t^-^C, 30 

Sftfca— sf«c % 3«*fE?l«:RT-fe**y'f'-f -1f-tf 

a) TOES'*:/ • if-^CCcfcStulS^7^T>h*>6© 

- hruufcHE-fe** y^-# ■ *9*-fcr*rfWTU 
*OJS*i 0 S WMBBiEttr & * f" v V £ % 

b) ttE*5-fy>hfc, WIHF«*-r*»il*5-fT 
>htf»*^** F««-* 40 

c) hJE*7-YT> htfi. sf I DRW^9- 

h-oftb o tc, mBttsf7«dtrne«N * ^ -t r > f 

(2) «TE}*«^^-YT>httS8*y^*^ FrtOWE 
WOW, ltEEtfer*^^^^-CEteSft*fc5««E9B 
«4MRTSA:aE)(CimSft«. ME ( 1 ) E«W>*tt. 

(3) |»Ea-1fI DS^9-F*JHTMLftS(C 
iDWE^x^-^-^CcattSfti. huE (1) Ett 50 
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(4) WEHTML»3fcMJfi*5-/7> FQa-lffc 
«fc9SBS<SftS, HUE (3) Eflt4>£&. 

(5) »1fca>\**-*WIW>»ti&T4fr ' ^>^fA 

*Bar&**6-C*-3"C. «E»»=i>t*-*W» 
IIE^ft^T^il/ • S'^T'A'MDT^-teXSEiES 

a) WB->x^-t-A{c«tOf«SnSHTTPB* 

r> httja*^*^ f F-r4^$tr*wr 

b) stiB-jxy • *^r> m%mm??JT> 

«E!)*y • -*-^#UE^x^- *^-f7>FK 
P^>HTMLfS» at«>EHTTP»*«:J:Dtt 
J'JJti^URL *St*» 1 (DSf» * 5 T > h ttffi* ^ 

c) |JE^-1f*JS«EHTML»S:*^-1f I DRC^* 
XC7- FteJ^TEfiM"**^?:/*. 

d ) L tcWJZZ % iJEU R L tttsffiiBSg 1 CDf^gS 
*^7>F^«*^**h<t-@fC, WTE^*^- 

f ) «B«)x^' *5-fT>HC. SB!Hf-*W-rS»2 
®ttK» 5 ^ T > h W&* -JV>x.VY ^tXf ^ ^ 

e) iia^x^- *^-f7>F**, a-if i d»w** 

E^fifc? T -T^ * ^fArt0^x^Xf-s(D^<7^ 

(6) tmw«wi)rE*ttffi?8*T^H2x-r*fc»ec 
imznz. m& ( 5 ) E«©*ffi. 

(7) »»a>tra-*3R*flC>»«7r -f^ ■ ^rA 
l>E^lk7r • ^^-7A^(DT^*fe^«:KiE3 

a) buE^x^- ^5^fT> h^6©F^>1f^^H> 

> h3WJE»Bi7 7-f;l/ ■ WfA^07^-fe^*S* 

b) fjE^x*^- 5^^^T> haWWEdUt^T-f;!/- ^ 



IS 

->>5:fuE£x:7* • *5 A T> YK-WS^T v 7'£, 

c) flTESx:/- # 5 JT> h&Wl&>ftWL7 t Ifr- > 

7*7:7*4. 

d) «TE»5x^- *7^T>h&C, «5E^x:7*- 

e) BJfa*5-f 7>F#. OL-if I DXtf^X7-F<D 10 
77^1/ - f AflO^ x < 7 ^ t ^ ^ 

(8) NE»?+-AomBWn-T«« fuE^-^- 

xa> 6«rEsatttr a ^ -r 7 artels s n/c»»8EW*4fe 
*r4fc«>fc«»sti5> sna (7> s»©:&ffi. 

grtog»jo 1 0^7 ^ t ^^f , s*e 
do) »»3>t:*-jaa©»»77^ji/' ^x-r 30 

A«,HfC*oT, »E»«=i>bf ME& 

tcbtrvc. 3>hf»-dri(iabDis8Et«(w*t, mia^ 

> tf * - £S?ffl U oJffiEtt«#CCES 3 n/c^'a 9? A 

x^ • if-^tcfcitoE^*^ • *7>fT> F#>6<D^ 
—if I DS^^7- K^SfftcfSSOTv u^>- 40 

Fn^fcmB-fe+xyrw -U--fcr*'Cj|fTU 
OBJIttC«*«K?ll*E1*r***4, WIB^x^- 

t^^h^H-r^gi, lufBg^o^^^tfmriaif^ 

^7-fr>h«tt*^x^h©5E«K:i6»br, ME 

A§So° n . 

(11) WB^a^A • f 5 — mriaa^-r> • 7' 
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*St*. lafB (10) IBig©=i>f^-* • 7'n^A 

HA. 

(1 2) ME^n^A ■ BE^T-f^ 
• S/^^AK:BiE3nfc^-1fOS5E»«BE?HOE1fi«: 

war we ( i o) swo^t:*-* 

(13) ««**i*9-rT>htt«*^x*F#*9 

WE ( l 0) EttD3>Ka-* • 

(14) »«n>brx-*aBK©»tSt7T-/^- 
A«c«tt?ItBtt->x^--9-w«(c, ■5x^^7-<7> 

Ai?o a n-c^>or, «rE»tfe3>ta-*a«3&J % iuia# 

ffc^r-OI/ • ^X^A^©T^-b^*HBE3ti/c^— If 

> b * - £ Kf« L pJtBBtSJKfttcEtt S tifc A 
•f*-**:***. fJE^P^A • f f -*# % buE^ 
ffc:7 7 >(;U • txXxA^CDT^'feX^BiEStl/c^-lf 

(o«WB3maEBii©Ettftff»ra*ai» 

r, MEEfmcDNEXKEino 1 o*7^txt4 c 

- ^a?7ASn n D. 

(15) »ffc7r-/^- *>^fA^ CDT^-feX^rlSlE^ 

yXrAi, ^Hjgn>f^. — ^? ■ * ? F "7 — ^*^0 
r. • if-'* - ^n^AtcSttDjffett^x^ • 

^7^7> htc, 7-;UK • y-f F • 
fiftti'Jx^'f-^^o^Ai, KIB 1 ? x ^ * 
t>^^T> FSHrEO*^ • -9--^ • ^'D^^ACcggaE 

■rst-^ ■ ^^^^>4^^. MEif-^ ■ 

T> h^e>cD^-if I FOSfatcjEKSO 
t\ n?^> • F=a;i/*BuE-fe*x y^-f • If-tf 
X^^fL, *©»»*D**»EII*Ettr*#S 
4. UE^x^- ^7^T>h^:, «B!Ff-*«rS»« 

DacF;U7-F©ttb0«c 1 WEBB!ff-*Stf«E» 
«*7-<T>Ftt»*^x^ KD^<gftK:jSSL 
r. WE»ft^r -T^ • S/^fAftO'Ji^SS^OT 
^■fe^^:©J®-ra^|g4, Sr^tf, r3>b"^-^ 0 

(16) WEW^**a3WtJEai8II^*ffil»r % SJE 
»^lE0^^T^-l2XTa, ME ( 1 5) Ett©3>bT* 

(17) ^\ acmE'j*^-*-^ 
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n*l»Sa»tt7r A to m&ft&yrJto 

a) MB^x^-l^-^iCJc&ttE^x^- *»-fr> 
u^>f> * ha^mrE^^Ufw -if-t^xr 

b) we***- t?^ 4t> tic. mtfrzmrmm 

c) SuE*^-f7>h#^ S?E:x— tf I DS^9- 

d) WE**^- ^7^T>h^, HfEi-lfl D&tf 

BufS»?^^ • 20 

(18) ntSs»9kVr4to • S/^^A©flKffl*BBESn 

fci-if©iTO5«SEw©B«*ff»ra^^^^** (api) 

tf, UIB ( 1 7 ) Ett©#& 

d9) m^mm^m^m^hm^m^mi^m 

TZtc&lcmiZInZ, WE ( 1 8) E*M>#tt. 
(20) tuEP ^-f >-^OF :a Jl/#^J5Ett<0*B*. m 
ttt^zf - V-JifrhmZV*-? ' *y4T>btCft& 

(17) E«D#£. *30 
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[19 2] *7^T> h • vixXD^^tf^^COS*^ 
7 a - =p + - h *7j^-r it * £. 

i o *9-fr> h • v>>> 
mmr+^to 

A I X**<U— >y ■ v'Xriv 
if?y jUto • jl— if - >f>$^x-^ (GU 
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2 9 E«« 

5 0 »»7 7^l"^fA 

52 DCE-fe*~ V-r-f • tf* 

5 6 T^-»h • 

5 8 f=-5^<-^ 
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